Check the oauth token and then use the capabilities directly
[rails.git] / app / controllers / application_controller.rb
index 690bdf5ca5140dad6448e86af7e6d02732ce7c35..20fcc5f4739ff1bbb42054feec5c7042fa5fa28d 100644 (file)
@@ -469,11 +469,12 @@ class ApplicationController < ActionController::Base
   end
 
   def current_ability
-    Ability.new(current_user).merge(granted_capability)
-  end
-
-  def granted_capability
-    Capability.new(current_user, current_token)
+    # Add in capabilities from the oauth token if it exists and is a valid access token
+    if Authenticator.new(self, [:token]).allow?
+      Ability.new(current_user).merge(Capability.new(current_token))
+    else
+      Ability.new(current_user)
+    end
   end
 
   def deny_access(_exception)
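Review bot: `current_ability` now runs `Authenticator.new(self, [:token]).allow?` on every call without memoizing the result, so each `can?`/`authorize!` in a request repeats the token check; if that check has side effects such as nonce tracking (not visible in this hunk), a later call could produce a different ability than the first. Caching the result per request, for example by assigning the whole `if`/`else` expression with `@current_ability ||= if Authenticator.new(self, [:token]).allow?`, keeps authorization decisions consistent within one request. The `else` branch also treats a missing token and a rejected token the same way and falls back to the unrestricted `Ability.new(current_user)`; it is worth confirming that `current_user` cannot be populated by another path when a presented token fails validation, because that request would then get wider rights than the token's capabilities allow. `Capability.new` goes from two arguments to one here, and its definition is outside this hunk, so the matching change has to be checked there.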